1. Introduction

Personal data protection is treated as one of the most important aspects within „JBG-2” Sp. z o.o. activity (hereinafter referred to as: „JBG-2”), as well as in the entire JBG corporate group of companies, of which JBG-2 is a part. As a company, particularly responsible for the production of professional refrigeration equipment and at the same time as a Data Controller, we feel responsible for the safety of the personal data. Our aim is to inform you properly about issues related to personal data processing, in particular, in view of the content of the new data protection regulations, including the Regulation of the European Parliament and of the Council Regulation (EU) 2016/679 of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free data movement and repeal of the Directive 95/46/EC (hereinafter referred to as: “GDPR”). Hence, in this document we inform you about legal basis for personal data processing, methods of collection and use, as well as the rights of the Data Subjects related to the processing.

JBG-2, as a reliable company, also implements the requirements set forth in the Telecommunications Law Act, i.e. of 15 September 2017 (Journal of Laws of 2017, item 1907, as amended) in connection with the use of cookies. JBG-2, as the owner of the website www.jbg2.com, is obliged to inform the users about the afore-mentioned files, which the internet service places in the user's computer and for what purpose it does so.

2. Personal data

2.1. What are personal data and what does the processing mean?

Personal data means information about identified or identifiable natural person. Identifiable natural person is a person who may be directly or indirectly identified, in particular, on the basis of the ID information such as: first name and surname, ID number, location data, on-line ID or one, or several specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person. Personal data processing is, in principle, any act on personal data, whether or not it is carried out automatically, e.g. collection, storage, retention, organisation, modification, viewing, use, sharing, limiting, erasure or destruction. JBG-2 processes personal data for different purposes but depending on the purpose, various ways of collection, legal basis for processing, use, disclosure and retention periods may apply.

2.2. When does this Privacy Policy apply?

This Privacy Policy applies to all cases in which JBG-2 is a Data Controller and processes personal data. This applies to both cases in which JBG-2 processes personal data collected directly from the Data Subject, as well as cases where we have collected personal data from other sources. JBG-2 fulfils its information duties in both cases above-mentioned, i.e. in accordance with Articles 13 and 14 of the GDPR.

The Data Controller means a natural or legal person, public authority, entity or other entity which individually or jointly with others determines the purposes and ways of processing personal data, and in this case, the Data Controller is JBG-2, in accordance with the following information:„JBG – 2” sp. z o.o. with its registered office in Warszowice (43-254), ul. Gajowa 5, the records in the Register of Entrepreneurs of the National Court Register in the District Court in Gliwice, X Commercial Division of the National Court Register, KRS number 0000066339, NIP number [Taxpayer Identification Number]: 6342383421, share capital in the amount of PLN 2.300.000,00.

JBG-2 has designated within its structures a contact person for issues related to personal data - Inspector for the Protection of Personal Data iod@jbg2.com. In case of any questions or doubts related to the processing of personal data by JBG-2, please contact us at the above-mentioned e-mail address.

2.3. In what way, on the basis of which legal basis and what types of personal data are processed by JBG-2?

We would like to be transparent about the ways and legal basis of processing personal data as well as the purposes for which JBG-2 processes personal data. We make all effort to indicate the necessary information in this respect to each person whose personal data are processed by JBG-2 as a Data Controller. In order to make our explanation of these issues as clear as possible, we present the following list of personal data processing operations in connection with the operated website.

At the same time, we would like to point out that whenever we process personal data on the basis of the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR), we try to analyse and balance our interest and the potential impact on the Data Subject (positive and negative) as well as the rights of the Data Subject under the provisions on personal data protection. We do not process personal data on the basis of our legitimate interest if we conclude that the impact on the Data Subject would outweigh our interests (in this case we may process personal data if we have appropriate consent or it is required or permitted by law).

A. Personal data processing of the visitors of the website operated by JBG-2

In connection with your use of our website, we process the personal data sent by your browser to our server. The processing of this personal data is necessary for the proper functioning of our website and to ensure the stability and safety of the user. The processing is carried out on the basis of Art. 6(1)(f) of GDPR. The data processed should include: IP address, date and time of session start, time zone information, source page information, access status/http access code, page address, browser type, operating system and its interface, software language and version of the browser.

The information concerning cookies may be found in point 3 of this Privacy Policy.

B. Personal data processing within the contact form

In the ‘contact’ tab on our website you will find a contact form that allows you to submit a query with respect to the business activity conducted by JBG-2.

The contact form collects from the user the following data: first name and surname, e-mail address and telephone number. Optionally, within the content of the query, the user can make available to JBG-2 other personal data which are provided voluntarily and in accordance with the will expressed by the user. The data such as first name and surname, e-mail address is necessary in order for the user to make them available because by providing them we will be able to accomplish the intended goal, i.e. provide an answer to the question asked by the user.

The contact form meets the requirements of Article 5(1)(c) of the GDPR, i.e. the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed ('data minimisation').

Personal data are processed on the basis of the user’s consent using the contact form, i.e. on the basis of Article 6(1)(a) of the GDPR. The consent is given on a voluntary basis and collected by JBG-2 as opt-in, i.e. the user, on its own, marks the box of consent to the processing of personal data, thus avoiding the situation in which the box is automatically marked by the system or is marked from the very beginning, which in consequence could violate the obligation of voluntary consent by the user (Article 7 of the GDPR).
It is also crucial that the user independently decides which data he/she provides within the framework of the contact form with the exception of the necessary minimum information such as first name, surname, e-mail address and the query itself.

The full scope of rights and obligations of the user in relation to the processing of personal data (in accordance with Article 13 of the GDPR) has been included in the information clause in point 2.6. Privacy Policy.

C. Personal data processing within the recruitment form

In the “company” – “carrier” tab on our website you will find an recruitment form for persons who are interested in working in our company JBG-2 in administrative or production department. Employment form allows user to file the Curriculum Vitae in transparent form and what is the most important meeting binding personal data protection law provisions.

Above-mentioned personal data collection is based on article 221 of Labour Code, or in a wider extent on consent of the person who filed recruitment form.

The recruitment forms meets the requirements of Article 5(1)(c) of the GDPR, i.e. the personal data processed are adequate, relevant and limited to what is necessary for the purposes for which they are processed ('data minimisation'). We do not require from the user data that will not be necessary in recruitment process- e.g. photo of a candidates.

Our website uses Google Analytics, a web analytic service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies stored on the user’s computer which enable the analysis of the use of the website. The information generated by the cookies about the use of our website is usually transferred to a Google server in the USA and stored there. Google will use this information on behalf of the operator of this website for the purpose of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. In exceptional cases where personal data are transferred to USA, Google provided the EU-USA Privacy Shield.

IP address sent by Google Analytics will not be linked with other data by Google.
You can prevent the storage of cookies by setting your browser software. However, it needs to be remembered that if you do this, you may not be able to use all the functions of the website. You may also prevent Google from collecting the data generated by the cookies and related to your use of the website (including your IP address), as well as the processing of this data by Google using the appropriate browser plug-in.

This website also uses Google Analytics to analyse the number of visits on various devices by means of a user’s ID.

The legal basis for the processing of personal data is Art. 6(1)(f) of GDPR.

The full scope of the rights and obligations of the user in relation to the processing of personal data (in accordance with Article 13 of the GDPR) has been included in the information clause in point 2.6. Privacy Policy.

E. Social Media

On our website you will find links to social networking sites, where information about us and our activities is posted.

F. Uploading YouTube videos on the website

On our website you may find the videos which are stored within the www.youtube.com and they can be directly played on the website. All videos are included in extended privacy mode, which means that you do not transfer data about yourself as a YouTube user if you do not play videos. Only when you are playing videos, the data referred to in point A will be transmitted. We have no influence on the afore-mentioned data transfer.

YouTube receives information about the website used. It happens whether YouTube provides a user account to which you are logged in or whether you do not have a user account. If you log in to Google account, your data will be assigned directly to your account. If you do not want to link your profile with YouTube, you must log out of your Google account before activating the video play button. YouTube stores your data as user profiles and uses it for advertising, market research or website design purposes. This assessment is used, in particular, to ensure that we provide appropriate advertising and inform other social network users about the activities on our website. You have the right to object to the creation of these user profiles by YouTube, by requiring an automatic redirection to the YouTube website to use it.

For further information on the scope and purpose of data collection and processing by YouTube may be found in its Privacy Policy.

G. Website integration with Google Maps

As part of our website, we also use Google Maps. That is why, we provide the possibility of displaying the interactive map directly on the website and the convenience of using the map's functions.

In relation to the use of Google Maps, the provisions of section D apply.

2.4. How long do we process personal data?

The length of time we may process personal data depends on the legal basis on which the processing of personal data is legally required by JBG-2. In the applicable JBG-2’s policies we determine that we must never process personal data for a period longer than is required by the above-mentioned legal basis.

Accordingly, we inform you that:

a) In the case if JBG-2 processes personal data on the basis of the consent, the processing period lasts until the intended purpose is achieved or the fixed archiving period expires, in any case:
– recruitment form – for the period of conducting recruitment procedure and after its cessation or in case of filing recruitment form while there is no recruitment for the period of 6 months starting from the date of cessation of recruitment or filing the recruitment form;
– contact form – for the period of the parties' correspondence on the question asked.

b) in case if JBG-2 processes personal data on the basis of justified interest of the Data Controller, the processing period lasts until the above-mentioned interest ceases (e.g. period of prescription of civil law claims) or until the Data Subject objects to such processing - in situations where such objection is legally possible.

c) In the event that JBG-2 processes personal data because it is necessary due to the applicable legal regulations, the periods of data processing for this purpose are determined by these regulations.

2.5. When and how do we transfer personal data with third parties? Do we transfer personal data to third countries?

We only transfer personal data to others if we are permitted to do so by law. In such a case, we provide for data protection provisions and security features in the relevant agreement with a third party in order to protect your personal data and to maintain our standards in the scope of data protection, confidentiality and security.

If we transfer personal data, of which we are the administrator, to other entities for the performance of certain activities on our behalf, we conclude a special agreement with such an entity. Such agreements are called personal data processing agreements (Art. 28 of GDPR), thanks to it, JBG-2 has control over how and to what extent the entity, to which JBG-2 entrusted the processing of certain categories of personal data, processes them. Personal data processing agreements include obligations that the personal data processing entity:

– processes personal data exclusively on the Data Controller's documented instructions - including the transfer of personal data to a third country or an international organisation - unless such an obligation is imposed on the Data Controller by the Union law or by the law of the Member State of the processing entity, in such a case the processing entity shall inform the Data Controller of this legal obligation prior to the start of the processing, provided that this right does not prohibit the provision of such information on the grounds of important public interest;

– ensures that persons authorised to process personal data have undertaken to keep confidentiality or are subject to an appropriate statutory confidentiality obligation;

– takes all measures required under Article 32 of the GDPR;

– considering the nature of the processing, it shall, as far as possible, assist the Data Controller, through appropriate technical and organisational measures, to comply with the Data Subject's requests for the exercise of its rights set out in Chapter III of the GDPR;

– considering the nature of the processing and the information available to this entity, it shall assist the Data Controller in fulfilling the obligations set out in Articles 32 to 36 of the GDPR;

– upon termination of the provision of processing services, depending on the decision of the Data Controller, the processing entity erasures or returns any personal data and deletes any existing copies, unless the Union law or the law of a Member State requires the storage of personal data;

– makes available to the Data Controller all information necessary to demonstrate compliance with the obligations set out in Article 28 of the GDPR and allows the Data Controller or auditor authorised by the Data Controller to carry out audits, including inspections and contributes to them.

In relation to personal data collected by JBG-2 within the operated website www.jbg2.com, no provision is made for personal data to be made available to third parties, with the exception of possible access:

– IT company operating the website on behalf of JBG-2;

– entities providing hosting services for JBG-2;

– entities carrying out marketing or sales campaigns for JBG-2;

– other JBG-2’s subcontractors providing services in the field of software, software maintenance services including website.

Additionally, as it was pointed out previously, JBG-2 is a part of JBG corporate group of companies and as a result, certain personal data may be transferred to other companies in the JBG corporate group, which constitutes a legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

In the case of personal data transferred outside the territory of the Republic of Poland, it should be noted that: cross-border transfers may concern the countries which do not belong to the European Economic Area (‘EEA’) and countries in which there are no regulations specifying special protection of personal data. We have taken steps to ensure adequate protection of all personal data and the lawfulness of the transfer of personal data also outside the EEA. In the case of transfer of personal data outside the EEA to the country, which according to the European Commission does not ensure a proper level of protection of personal data, the transfer takes place exclusively on the basis of an agreement considering the EU requirements in the scope of the transfer of personal data outside the EEA.

2.6. What are the rights of Data Subjects and how to exercise them? [information clause]

Natural persons have certain rights concerning their personal data and JBG-2, as the Data Controller, is responsible for the exercise of these rights in accordance with applicable laws. If you have any questions or requests concerning the scope and exercise of your rights, as well as to contact us in order to exercise your specific data protection rights, please contact us at the following e-mail address:iod@jbg2.com.

We reserve the right to exercise the following rights after positive verification of the identity of the person applying for a given action.

A. Access to personal data

Natural persons have the right to access the data that we store as a Data Controller. This right mat be exercised by sending e-mail to the address: iod@jbg2.com.
B. Modification, rectification or erasure of personal data

Modifications, including updating, rectification or erasure of personal data which are processed by JBG-2 may be carried out by sending e-mail to the address: iod@jbg2.com.

The right to erasure data may be exercised e.g. when personal data of a natural person will no longer be necessary for the purposes for which they were collected by JBG-2 or a natural person withholds its consent for data processing by JBG-2. Additionally, if a natural person objects to the processing of his or her data or if his or her data will be processed unlawfully. The erasure of such data should be carried out in order to comply with a legal obligation.

C. Withdrawal of the consent

In the event of personal data processing on the basis of a consent, natural persons have the right to withdraw this consent at any time. We inform about this right at any time during the collection of consents and allow you to withdraw your consent as easily as it was given. If there is no different information, i.e. if we have not provided a different address or contact number for withdrawal of the consent, please send us an e-mail at the following address: iod@jbg2.com.
D. Right to the restriction of processing or object to the processing of personal data

Natural persons have the right to restrict or object to the processing of their personal data at any time, on the basis of their particular situation, unless processing is required by law.

Natural person may object to the processing of personal data, if:

- the processing of personal data is based on the legitimate interest of the Data Controller or for statistical purposes and the objection is justified by the particular situation in which it finds itself;

- personal data are processed for the purposes of direct marketing of the Data Controller, including profiled for this purpose.

In relation to the request to restrict the processing of personal data, we inform you that it is possible when:

– the Data Subject argues against the correctness of the personal data - for a period allowing the Data Controller to check the correctness of the data;

– the processing is unlawful and the Data Subject objects to the erasure of personal data and instead demands the restriction on their use;

– the Data Controller no longer needs personal data for the purposes of the processing, but they are needed by the Data Subject for the determination, assertion or defence of claims;

– the Data Subject has objected under Article 21(1) of the GDPR to the processing of personal data by the Data Controller, -until it is determined whether the Data Controller's legitimate grounds are superior over the Data Subject's grounds for objection.

E. Right to data transfer

The Data Subject has the right to receive, in a structured, machine-readable format in common use, personal data relating to him/her that has been supplied to the Data Controller and has the right to forward those personal data to another Data Controller without hindrance of the Data Controller to whom the personal data have been supplied, if any:

– the processing is carried out on the basis of the consent in accordance with Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR; or

– under the agreement within the meaning of Article 6(1)(b) of the GDPR; and

– the processing takes place in an automated manner

In exercising the right of personal data transfer, the user has the right to demand that it is sent by the Data Controller directly to another Data Controller, as far as it is technically possible.

The right of data transfer shall not adversely affect the rights and freedoms of others.

If you wish to exercise these rights, please send an e-mail to the following address: iod@jbg2.com.

F. Further questions, concerns and complaints

If you have any questions, objections or concerns about the content of this Privacy Policy or the way in which we process personal data, as well as complaints concerning these issues, please send us an email with details to the following e-mail address: iod@jbg2.com. All complaints we receive will be considered and answered.

Persons whose personal data are being processed by JBG-2 have the right to lodge a complaint to the supervisory authority, which is the President of the Office for Personal Data Protection at Stawki 2, 00-193 Warszawa.

3. Cookies

As it was explained in point 2.3. A we use cookies as part of this website. That is why, we would like to inform you about the most important elements of cookies so that your use of our website is clear and understandable to you.

3.1. What are cookies?

Cookies are small files that are stored on your electronic device by the websites that you visit. Cookies contain different information that is often necessary for the website to function properly. Cookies are encrypted in such a way that unauthorized persons do not have access to them. Information collected on the basis of cookies may be read only by JBG-2 as well as - due to technical reasons – trusted partners whose services we use. What is more important, cookies cannot run programs or transfer viruses to electronic devices.

3.2. Why do we use cookies?

We divide cookies, according to the purpose for which we use them, on:

Basic cookies – installed if the user has given the consent by means of software settings installed on the electronic device. These cookies include technical and analytical cookies.

Technical cookies – are necessary for the website to function properly. We use them in order to:
– ensure that the website is displayed correctly – depending on which device you are using,
– adapt our services to your choices which are relevant to the operation of the website from technical point of view, e.g. language chosen,
– remember whether you give a consent to the display of certain content.

Analytical cookies – are necessary to settle with business partners or to measure the effectiveness of our marketing activities without identifying personal data and to improve the functioning of our website. We may use them to:
– examine statistics concerning website traffic and check its sources (redirections),
– detect various types of abuse, e.g. artificial Internet traffic (bots).

3.3. How long will we use cookies?

We also divide all cookies according to the time for which they are installed in the user's browser:

Session cookies – remain on the user's device until the user leaves the website or turns off the software (browser). They are mostly technical cookies.

Permanent cookies – remain on the user's device for the time specified in the file parameters or until they are manually deleted by the user.

3.4. Can I refuse to accept cookies?

You can always change your browser settings and reject requests for cookies. However, before you decide to change your settings, please note that cookies serve your convenience in using the website. Disabling cookies may have influence on how our website is displayed in your browser. In some cases, the website may not display at all.

3.5. How to disable cookies?

You can always change your browser settings and reject requests for cookies. However, before you decide to change your settings, please note that cookies serve your convenience in using the website. Disabling cookies may have influence on how our website is displayed in your browser. In some cases, the website may not display at all.

4. Final provisions

Are changes to this Privacy Policy possible and when?

We are obliged to review this Privacy Policy on a regular basis and to amend it when it is necessary or desirable to do so: new legislation, new guidelines for data protection authorities, best practices in the area of personal data protection (Codes of good practice, if JBG-2 will be bound by such Codes, of which we will then inform). We also reserve the right to change this Privacy Policy in the event of a change in the technology by which we process personal data (provided that the change affects the wording of this document), as well as in the event of a change in the ways, purposes or legal basis for processing personal data by us.

In order to ensure the best possible contact with us in relation to the protection of personal data, we also enable direct contact at the seat of JBG-2 as well as contact by letter (post) or telephone and for this purpose we provide the following contact details:

We use cookies to improve your use of our website and for statistical purposes. If you are not blocking these files, you agree to use them and store in memory. Remember that you can manage cookies by changing your browser settings. Click I Agree Privacy policy »